Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Chinese Hackers Mount Espionage Campaign During Trump-Putin Summit

An uncharacteristic spate of strikes against IoT devices in Finland during the summit was likely an indicator of a coordinated cyberespionage effort, researchers said.

Cyberattackers, unsurprisingly, appear to be interested in Donald Trump as an intelligence target – as evidenced by an uncharacteristic spate of strikes against IoT devices in Finland during the American president’s summit there with Russia’s Vladimir Putin.

According to researchers, the uptick was likely an indicator of a coordinated cyberespionage effort emanating from Chinese actors, bent on gathering intelligence about what was said in the meetings between the two leaders and their staffs. Hackers attacked a protocol used for IoT devices that could be turned on to listen in on private meetings, and as many of these devices still use factory settings (which often include usernames that are the name of the manufacturer or software provider), this can be an effective way to gain control over poorly secured access points.

“The rise of poorly secured IoT devices has made it possible for attackers to gain access to targets of interest,” said F5 researchers, in a posting Thursday on the findings. “Nation-states, spies, mercenaries and others don’t need to dress up as repairmen to plant bugs in rooms anymore; they can just hack into a room that has vulnerable IoT devices.”

On July 16, Trump met with the Russian president in Helsinki, the Finnish capital. An analysis of global malicious traffic by F5 uncovered that attacks against IoT targets in Finland saw a significant uptick in the days before the meeting.

“Finland is not typically a top attacked country; it receives a small number of attacks on a regular basis,” said the researchers. “Aside from the attacks on 7/12 and 7/14, Finland doesn’t even register on the chart [of most-attacked nations].”

Starting on July 12, several protocols were targeted, such as SIP port 5060, which VoIP phones and videoconferencing systems use; SQL port 1433; and Telnet port 23, often used for remote administration of IoT devices.

CLICK TO ZOOM

However, brute-force attacks against SSH port 22 especially skyrocketed far above the baseline for the Nordic country, accounting for half of the offensives. This is likely due to the fact that device credentials are typically vendor defaults and, as such, are routinely brute-forced.

“IoT devices are moving to SSH for remote administration because it’s more secure than Telnet—although ‘protecting’ with default admin credentials doesn’t secure anything,” the researchers said.

F5 was able to determine that China was the top attacker, with ChinaNet leading the way; across the board, the attacks came from Chinese networks that are commonly in the firm’s top 10 attacking networks list. Researchers were unsure, however, if any of the efforts were successful.

This is not the first Trump-related IoT campaign: There was also a spike in IoT attacks during his meeting with North Korean leader Kim Jung-Un in June – this time with Russia actors in the driver’s seat, accounting for 88 percent of the attacks according to F5.

“Russia has been compromising global network infrastructure, including small office/home office (SOHO) routers and switches, to spy on adversaries and maintain persistent access for future operations,” the F5 researchers said. “Attacking technology infrastructure to spy and collect data is not a new attack type. Nefarious attackers learn from nation-state APTs and attempt to follow in their footsteps … Even allied state actors have an interest in gaining eyes or ears into any member of the Trump entourage.”

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.